5 #ifndef CVMFS_CRYPTO_SIGNATURE_H_
6 #define CVMFS_CRYPTO_SIGNATURE_H_
10 #include <openssl/bio.h>
11 #include <openssl/engine.h>
12 #include <openssl/err.h>
13 #include <openssl/evp.h>
14 #include <openssl/pem.h>
15 #include <openssl/rsa.h>
16 #include <openssl/x509.h>
/**
 * Returns a human-readable description of the last OpenSSL failure
 * (presumably drained from the OpenSSL error queue; the implementation is
 * not visible here).  Intended for logging after a Load*/Sign*/Verify*
 * call returns false.
 */
std::string GetCryptoError();
/** Discards the currently loaded private (signing) key. */
void UnloadPrivateKey();
/** Discards all loaded public RSA keys (the set used by VerifyRsa). */
void UnloadPublicRsaKeys();
/** Discards the currently loaded private master key. */
void UnloadPrivateMasterKey();
/** Discards the currently loaded X.509 certificate. */
void UnloadCertificate();
/**
 * Loads the private master key from a PEM file.
 *
 * @param file_pem  path of the PEM-encoded key file
 * @return true on success; on failure the reason is presumably available
 *         through GetCryptoError()
 */
bool LoadPrivateMasterKeyPath(const std::string &file_pem);
/**
 * Loads the private signing key from a (possibly passphrase-protected) PEM
 * file.
 *
 * @param file_pem  path of the PEM-encoded key file
 * @param password  passphrase used to decrypt the key; as a std::string it
 *                  stays in memory unscrubbed until the caller's copy is
 *                  destroyed
 * @return true on success
 */
bool LoadPrivateKeyPath(const std::string &file_pem,
                        const std::string &password);
/**
 * Loads the private master key from an in-memory buffer (presumably PEM
 * text, mirroring LoadPrivateMasterKeyPath).
 *
 * @param key  key material held in memory
 * @return true on success
 */
bool LoadPrivateMasterKeyMem(const std::string &key);
/**
 * Loads the private signing key from an in-memory buffer (presumably PEM
 * text).  Unlike LoadPrivateKeyPath, no passphrase is taken here.
 *
 * @param key  key material held in memory
 * @return true on success
 */
bool LoadPrivateKeyMem(const std::string &key);
/**
 * Loads the X.509 certificate from a PEM file.
 *
 * @param file_pem  path of the PEM-encoded certificate
 * @return true on success
 */
bool LoadCertificatePath(const std::string &file_pem);
/**
 * Loads the X.509 certificate from a raw memory buffer.
 *
 * @param buffer       certificate bytes; the encoding (PEM vs. DER) is not
 *                     visible from this declaration -- check the .cc file
 * @param buffer_size  number of valid bytes in buffer; the caller must keep
 *                     it consistent with buffer, especially when the bytes
 *                     come from a remote source
 * @return true on success
 */
bool LoadCertificateMem(const unsigned char *buffer,
                        const unsigned buffer_size);
/**
 * Serializes the loaded certificate into a newly provided memory buffer.
 *
 * @param buffer       out: receives a pointer to the serialized bytes.
 *                     NOTE(review): who allocates and how the caller must
 *                     free it is not visible here -- confirm in the .cc file
 * @param buffer_size  out: number of bytes written
 * @return true on success
 */
bool WriteCertificateMem(unsigned char **buffer, unsigned *buffer_size);
/**
 * Builds a shash::Any from a textual certificate fingerprint.  Static:
 * needs no loaded key material.
 *
 * @param fingerprint  fingerprint text; the accepted format (separators,
 *                     algorithm suffix) is not visible from this declaration
 */
static shash::Any MkFromFingerprint(const std::string &fingerprint);
/**
 * Loads the set of trusted public RSA keys used by VerifyRsa.
 *
 * @param path_list  list of key file paths; the list separator is not
 *                   visible from this declaration -- see the .cc file
 * @return true on success
 */
bool LoadPublicRsaKeys(const std::string &path_list);
/**
 * Loads the certificate blacklist.
 *
 * @param path_blacklist  path of the blacklist file
 * @param append          presumably true keeps previously loaded entries and
 *                        false replaces them -- confirm against the .cc file
 * @return true on success
 */
bool LoadBlacklist(const std::string &path_blacklist, bool append);
/** Returns a copy of the currently loaded blacklist entries. */
std::vector<std::string> GetBlacklist();
/**
 * Loads trusted CA certificates and CRLs (presumably into the X.509 store
 * set up by InitX509Store) for certificate-chain validation.
 *
 * @param path_list  list of paths; separator not visible from this
 *                   declaration
 * @return true on success
 */
bool LoadTrustedCaCrl(const std::string &path_list);
/**
 * Signs buffer with the loaded private key (the certificate key).
 *
 * @param buffer          data to sign
 * @param buffer_size     number of bytes in buffer
 * @param signature       out: receives the signature bytes.
 *                        NOTE(review): allocation/ownership of the signature
 *                        buffer is not visible here -- confirm in the .cc file
 * @param signature_size  out: length of the signature in bytes
 * @return true on success
 */
bool Sign(const unsigned char *buffer, const unsigned buffer_size,
          unsigned char **signature, unsigned *signature_size);
/**
 * Signs buffer with the loaded private master key; same parameter contract
 * as Sign(), including the unspecified ownership of *signature.
 *
 * @param buffer          data to sign
 * @param buffer_size     number of bytes in buffer
 * @param signature       out: receives the signature bytes
 * @param signature_size  out: length of the signature in bytes
 * @return true on success
 */
bool SignRsa(const unsigned char *buffer, const unsigned buffer_size,
             unsigned char **signature, unsigned *signature_size);
/**
 * Verifies a signature produced by Sign() against the loaded certificate.
 *
 * @param buffer          signed data
 * @param buffer_size     number of bytes in buffer
 * @param signature       signature bytes to check
 * @param signature_size  length of signature in bytes
 * @return true only if the signature verifies; callers must treat every
 *         false return (including internal OpenSSL errors) as a failed
 *         verification, not as "unknown"
 */
bool Verify(const unsigned char *buffer, const unsigned buffer_size,
            const unsigned char *signature, unsigned signature_size);
/**
 * Verifies a signature against the loaded public RSA keys (presumably the
 * set from LoadPublicRsaKeys; whether any single key suffices is not
 * visible here).
 *
 * @param buffer          signed data
 * @param buffer_size     number of bytes in buffer
 * @param signature       signature bytes to check
 * @param signature_size  length of signature in bytes
 * @return true only if the signature verifies; a false return must be
 *         treated as a failed verification
 */
bool VerifyRsa(const unsigned char *buffer, const unsigned buffer_size,
               const unsigned char *signature, unsigned signature_size);
/**
 * Verifies a signed "letter" (a payload with an embedded signature that
 * CutLetter splits apart).
 * NOTE(review): this excerpt is truncated -- the remaining parameter(s) of
 * VerifyLetter are not visible here.
 *
 * @param buffer       the letter bytes
 * @param buffer_size  number of bytes in buffer
 */
bool VerifyLetter(const unsigned char *buffer, const unsigned buffer_size,
/**
 * Verifies a PKCS#7 signed message and extracts its payload.
 *
 * @param buffer        PKCS#7 bytes
 * @param buffer_size   number of bytes in buffer
 * @param content       out: the signed payload.
 *                      NOTE(review): allocation/ownership of *content is not
 *                      visible here -- confirm in the .cc file
 * @param content_size  out: length of the payload in bytes
 * @param alt_uris      out: alternative URIs found in the message (presumably
 *                      read from the signer certificate -- confirm)
 * @return true only if the signature verifies; on false, callers must not
 *         use *content
 */
bool VerifyPkcs7(const unsigned char *buffer, const unsigned buffer_size,
                 unsigned char **content, unsigned *content_size,
                 std::vector<std::string> *alt_uris);
/**
 * Locates the boundary between a letter's payload and its trailing
 * signature.  Static helper, used by VerifyLetter (inferred from the names).
 * NOTE(review): one parameter line (source line 81) is missing from this
 * excerpt; the full signature is in the repository header.
 *
 * @param buffer          the letter bytes
 * @param buffer_size     number of bytes in buffer
 * @param letter_length   out: length of the payload part
 * @param pos_after_mark  out: offset just past the separator mark
 */
static void CutLetter(const unsigned char *buffer,
                      const unsigned buffer_size,
                      unsigned *letter_length,
                      unsigned *pos_after_mark);
/** Returns the loaded public keys as one string (format not visible here). */
std::string GetActivePubkeys() const;
/** Returns the loaded public keys, one entry per key. */
std::vector<std::string> GetActivePubkeysAsVector() const;
/**
 * Returns the loaded private master key (presumably PEM text).  The result
 * is secret key material: do not log it or write it to world-readable
 * locations.
 */
std::string GetPrivateMasterKey();
/** Returns the loaded certificate (presumably PEM text). */
std::string GetCertificate() const;
/**
 * Returns the loaded private signing key (presumably PEM text).  Secret key
 * material -- same handling caveat as GetPrivateMasterKey().
 */
std::string GetPrivateKey();
/**
 * Generates a fresh master key pair and installs it as the private master
 * key (inferred from the name; key size/algorithm not visible here).
 */
void GenerateMasterKeyPair();
/**
 * Generates a new key pair and a certificate for it.
 *
 * @param cn  common name to place in the certificate subject
 */
void GenerateCertificate(const std::string &cn);
/**
 * Generates a new RSA key pair.
 *
 * @return newly created RSA object; the caller presumably owns it and must
 *         release it with RSA_free() -- confirm in the .cc file
 */
RSA *GenerateRsaKeyPair();
/**
 * Renders the public part of an RSA key as text (presumably PEM).
 *
 * @param pubkey  key to render; not owned or modified by this call
 */
std::string GenerateKeyText(RSA *pubkey) const;
/**
 * Creates the X.509 trust store used for certificate-chain validation
 * (presumably populated later by LoadTrustedCaCrl).
 */
void InitX509Store();
116 #endif // CVMFS_CRYPTO_SIGNATURE_H_
// Cross-reference entry (not part of signature.h): the manifest verification
// routine that consumes a signature::SignatureManager.  Its definition is not
// in this excerpt, so its semantics are not documented here.
Failures Verify(unsigned char *manifest_data, size_t manifest_size, const std::string &base_url, const std::string &repository_name, const uint64_t minimum_timestamp, const shash::Any *base_catalog, signature::SignatureManager *signature_manager, download::DownloadManager *download_manager, ManifestEnsemble *ensemble)
// Member listing (presumably SignatureManager data members; the class body is
// not in this excerpt).
std::vector< std::string > blacklist_  // entries loaded by LoadBlacklist()
pthread_mutex_t lock_blacklist_  // guards blacklist_; presumably taken by LoadBlacklist()/GetBlacklist() -- confirm
std::vector< RSA * > public_keys_  // raw OpenSSL handles; released by UnloadPublicRsaKeys() (inferred)
// Cross-reference entry from another file (loader namespace); definition not
// visible here.
static int Init(const loader::LoaderExports *loader_exports)
X509_LOOKUP * x509_lookup_  // raw OpenSSL handle, presumably set up by InitX509Store()
RSA * private_master_key_  // raw OpenSSL handle; secret material, released by UnloadPrivateMasterKey() (inferred)